Trolltech Removes Qt Vulnerability

A moderately critical vulnerability was discovered in the QUtf8Decoder of Trolltech's Qt Framework.

The Trolltech developers have now released patch to remove the "QUtf8Decoder" security bug in Qt3 and Qt4. Attackers were able to exploit the vulnerability via a specially crafted Unicode string. Processing the string would cause applications to crash due to an off by one heap overflow and thus execute injected malicious code. According to Trolltech there is no way of exploiting the bug in Qt4.

The error is what's known as an "Off-By-One Error", which is typically caused by a logical error on the part of the programmer leading to control structures being parsed once too often, or not frequently enough. The error can cause a program to crash.

Patches for the vulnerability which is listed under CVE number CVE-2007-4137, are available from the manufacturer's website for Qt3 and Qt4. Distributions are now starting to offer updated program packages, Red Hat for example.

Security researchers Secunia have discovered a vulnerability in StarOffice that gives attackers the ability to execute arbitrary code. The developers of the free counterpart, OpenOffice, removed the problem last week.